Newsletters: Newsbites

SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.

Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.

Volume VIII - Issue #73

September 15, 2006

A special invitation: You'll recall last year we had to move SANS' big fall training program to Los Angeles from New Orleans because of Hurricane Katrina. We went to see New Orleans this summer and were amazed how much the city has come back - hotels, restaurants, Bourbon Street, the waterfront, all of it. We decided to run a special SANS conference in November, and we hope everyone who has ever enjoyed New Orleans will come back with us. To make it worth your while, Eric Cole himself will be teaching an updated SANS Security Essentials program; Ed Skoudis (the nation's top malware expert) will be teaching the hacker exploits track, Jason Fossen (just an amazing teacher) will be teaching Windows Security. We'll also have Security Leadership training for anyone who needs DoD 8570 management certification, and a phenomenal course on securing wireless. It's November 14-21. Please join us in saluting New Orleans and enjoying the best possible SANS training in one of America's great cities. Details: http://www.sans.org/neworleans06/event.php

The Hack is Back! In Fiberlink's new on-demand video/companion guide, our ethical hacker demonstrates four advanced hacks using techniques used to target mobile endpoints and the corporate network. Learn about the changing security landscape, current hacking techniques used to exploit vulnerabilities on mobile systems, and fundamental security strategy changes that can protect your mobile enterprise from attack. http://www.sans.org/info.php?id=1345

Network Security 2006 (Las Vegas, Oct. 1-8) is the only place to find all 20 of SANS highest rated teachers. How Good Are The Courses at SANS Network Security 2006? Ask the alumni.
++ "I have attended courses by several of SANS rivals, and SANS blew them away." - Alton Thompson, US Marines
++ "This is the only conference/training I've ever attended at which I learned techniques and found tools I could apply immediately." - Dwight Leo, Defense Logistics Agency, DLA
++ "This program provided the opportunity to learn from many of the people who are defining the future direction of information technology" - Larry Anderson, Computer Sciences Corp.
++ "The SANS classes have been uniformly excellent. To learn as much through traditional classes would have entailed weeks away from work." - David Ritch, Department of Defense
See: http://www.sans.org/ns2006/caag.php

TOP OF THE NEWS

The US Department of Homeland Security (DHS) has released a report detailing the findings of its Cyber Storm exercise that took place in February 2006. It was designed to simulate events requiring the need for coordination between public and private entities in the face of a major cyber attack or natural disaster. The exercise simulated the effects an attack could have on a variety of critical infrastructure elements, and was designed to simulate cascading events. DHS said the exercise provided valuable information about the ability of numerous public and private organizations to work together in the face of disaster. According to the report, the public and private sectors need to improve the coordination of their communication regarding multiple events. -http://www.eweek.com/print_article2/0,1217,a=188583,00.asp -http://www.dhs.gov/dhspublic/display?content=5827 -http://www.dhs.gov/interweb/assetlibrary/prep_cyberstormreport_sep06.pdf

[Editor's Note (Schultz): A seven-month delay between the time the exercise was held and the time the report became available seems excessive--perhaps one indicator of what is wrong in cooperation between the private and public sectors. (Northcutt): Nice job on the report, well worth your time to read it then think about your own DR/BCP processes. The conclusion is not surprising, in a major event of any sort, communication is always the problem. In a real event, the telephone system usually fails due to overload. So what are the simple things you can plan to do in advance?
- Shared, password protected, voicemail box on your PBX so critical staff can leave information for one another
- Family radios, these are great, we use them at conferences all the time, more channels is better
- Web server with static pages (remember those) password protected for updates in bandwidth challenged conditions
- Pre-assigned, trained runners and drivers to move files around by DVD or tape (high latency, but pretty high bandwidth)
- But most important are your ideas, if you have a good one, send it to Stephen@sans.edu]

Isis Machado and Fernando Ferrer, Jr. were indicted on charges of conspiracy to commit computer fraud, conspiracy to commit identity theft and conspiracy to wrongfully disclose individually identifiable health information as well as charges related to fraud in connection with computers and violations of the Health Insurance Portability and Accountability Act (HIPAA). Machado and Ferrer allegedly conspired to steal personal medical information belonging to more than 1,100 Cleveland Clinic Florida patients and use it to make more than US$2.8 million in phony Medicare claims. The Cleveland Clinic has sent letters to patients whose data were stolen. If convicted of charges against them, Machado and Ferrer could each face up to 10 years in prison and fines of up to US$250,000. -http://www.sun-sentinel.com/news/local/southflorida/sfl-dfraud09sep09,0,2612716,print.story?coll=sfla-home-headlines

California AG Has Evidence for Indictments in HP Case; Dunn to Step Down (13 & 12 September 2006)

2) The Process Control & SCADA Security Summit, September 28 - 30, is a must-attend event for the technical and procurement managers of any organization that relies on automated industrial control systems and for the system integrators and system vendors that support them. http://www.sans.org/info.php?id=1347

Nevada-based bulk emailer KSTM LLC has been ordered to pay Earthlink US$11 million for sending spam to Earthlink customers. The judgment from a federal court in Atlanta also prohibits the firm from spoofing the "from" fields in email, hiding the sender's identity, selling email addresses and accessing or obtaining Earthlink accounts. The suit was brought under the CAN-SPAM Act. Earthlink has won more than US$200 million in judgments against spammers over the last 10 years. -http://www.theregister.com/2006/09/13/earthlink_nevada_spammer_judgment/print.html

[Editor's Note (Northcutt): The real question is how much money they have actually collected, but they certainly are working hard using the CAN-SPAM legal tool. Visit -http://www.earthlink.net/about/press/category/#memberexperience and then use find on the keyword "spam" for further information. (Schultz): It is wonderful that Earthlink is winning court cases against spammers. At the same time, however, I very much agree with the commentary in the full version of this news item at -http://www.theregister.com/2006/09/13/earthlink_nevada_spammer_judgment/print.html. Much of the money that Earthlink has "won" has not ended up in its hands. Many if not most spammers cannot pay even a fraction of the money they have been ordered to pay.]

WORMS, ACTIVE EXPLOITS, VULNERABILITIES & PATCHES

Microsoft Releases Three New Security Bulletins and Revised IE Bulletin, but No Patch for Word 2000 Flaw (14, 13 & 12 September 2006)

. If you currently have a version of Flash Player installed, you will see a "Version Information" box in the middle of the screen. If you do not have Flash Player installed, you will see a green jigsaw puzzle piece icon and a "Click here to download plugin" link. If you have version 8.x or older, you need to update.
2) To get the new software, go to -http://www.adobe.com and click on the 'Get Adobe Flash Player' button. On the next web page, click 'Download Now'. Save the download to your desktop and then run it.
3) Now go back to -http://www.macromedia.com/software/flash/about/. You should now be running version 9.0.16.0.]

ATTACKS, INTRUSIONS, DATA THEFT & LOSS

Thirty-one computer tapes holding information about hundreds of thousands of British Columbia citizens are missing from a government facility in Victoria. The data on the tapes could be used to commit identity fraud. A confidential government report about the incident obtained by the Vancouver Sun recommends not making the tapes' disappearance public knowledge. Canadian law does not require that individuals be notified in the event of a possible data breach. The government became aware the tapes were missing in August 2005. -http://www.canada.com/victoriatimescolonist/news/story.html?id=e1b03e3e-d043-4e64-9a09-415a24636751&k=71796

[Editor's Note (Schultz): Even if Canadian law does not mandate that people whose personal data are compromised, decency and ethics do.]

On August 14 or 15, two laptop computers were stolen from a campus office at the University of Minnesota. The computers hold data belonging to 13,064 current and former students who entered the university as freshmen between 1992 and 2006. The data include names, birthdates, high schools attended, test scores and academic probation information. The computers also contain the Social Security numbers (SSNs) of 603 of the students. The school is making efforts to contact affected individuals to inform them of the data breach. The data were stored on a hard drive, which is "not standard operating procedure," according to a university spokesperson. -http://www.twincities.com/mld/pioneerpress/news/local/15475291.htm

Bank of Montreal Laptop Stolen (8 September 2006)

A laptop computer stolen from an Ottawa branch of BMO Bank of Montreal holds personally identifiable data belonging to approximately 900 bank clients. The computer was stolen in May; police were notified of the theft on May 18. A bank spokesperson said there has been no evidence that the information has been used fraudulently. BMO Bank of Montreal has advised the affected customers to monitor their accounts for suspicious activity. -http://ottsun.canoe.ca/News/OttawaAndRegion/2006/09/08/pf-1814249.html

Missing Laptop Prompts Security Review (7 September 2006)

A laptop computer stolen from the car of a Florida National Guard soldier contained no classified information, but did hold personally identifiable information belonging to as many as 100 Florida National Guard soldiers. The computer was stolen on September 5. The incident has prompted the Florida National Guard to conduct a security review. -http://www.floridatoday.com/apps/pbcs.dll/article?AID=/20060907/BREAKINGNEWS/60907027/1086

The Editorial Board of SANS NewsBites

Eugene Schultz, Ph.D., CISM, CISSP is CTO of High Tower Software and the author/co-author of books on Unix security, Internet security, Windows NT/2000 security, incident response, and intrusion detection and prevention. He was also the co-founder and original project manager of the Department of Energy's Computer Incident Advisory Capability (CIAC).

John Pescatore is Vice President at Gartner Inc.; he has worked in computer and network security since 1978.

Stephen Northcutt founded the GIAC certification and currently serves as President of the SANS Technology Institute, a post graduate level IT Security College, www.sans.edu.

Johannes Ullrich is Chief Technology Officer of the Internet Storm Center, to the Editorial Board.

Howard A. Schmidt served as CSO for Microsoft and eBay and as Vice-Chair of the President's Critical Infrastructure Protection Board.

Bruce Schneier has authored eight books -- including BEYOND FEAR and SECRETS AND LIES -- and dozens of articles and academic papers. Schneier has regularly appeared on television and radio, has testified before Congress, and is a frequent writer and lecturer on issues surrounding security and privacy.

Mark Weatherford, CISSP, CISM, is the Chief Information Security Officer for the State of Colorado.

Alan Paller is director of research at the SANS Institute.

Clint Kreitner is the founding President and CEO of The Center for Internet Security.

Rohit Dhamankar is the Lead Security Architect at TippingPoint, a division of 3Com. He authors the critical vulnerabilities section of the weekly SANS Institute's @RISK newsletter and is the project manager for the SANS Top20 2005 and the Top 20 Quarterly updates.

Marcus J. Ranum built the first firewall for the White House and is widely recognized as a security products designer and industry innovator.

Koon Yaw Tan leads the cyber threat intent team for Infocomm Development Authority (IDA) of the Singapore government.

Chuck Boeckman is a Principal Information Security Engineer at a non-profit federally funded research and development corporation that provides support to the federal government.

Gal Shpantzer is a trusted advisor to several successful IT outsourcing companies and was involved in multiple SANS projects, such as the E-Warfare course and the Business Continuity Step-by-Step Guide.

Brian Honan is an independent security consultant based in Dublin, Ireland.

Roland Grefer is an independent consultant based in Clearwater, Florida.

Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit http://portal.sans.org/